Tag

Information Stealer

All articles tagged with #information stealer

technology2 days ago•3 min saved

AI-assisted Arkanix Stealer: a fleeting dark-web info-stealer experiment

Kaspersky researchers say Arkanix Stealer, promoted on dark-web forums in Oct 2025, was likely an AI-assisted, short-lived information-stealer project with Python and native C++ versions, a Discord community, and a referral scheme. It could harvest browser data (including 0Auth2 tokens), cryptocurrency wallet data, and credentials from Telegram and Discord, plus local-file exfiltration and modular plugins. The premium variant added anti-sandbox/debugging, RDP credential theft, and advanced post-exploitation tools like ChromElevator to bypass protections. The operation’s unclear purpose points to rapid, low-cost AI-driven malware development rather than a sustained campaign, with IoCs published by Kaspersky.

via BleepingComputer|

#cybersecurity #dark-web #information-stealer

cybersecurity1 year ago•2 min saved

RisePro Info Stealer Spreading Through GitHub Repositories

Cybersecurity researchers have discovered GitHub repositories offering cracked software used to distribute the RisePro information stealer. The repositories, which have since been removed, contained RAR archives with an installer file that unpacks the next-stage payload, injecting RisePro into system processes. RisePro is designed to gather sensitive information and exfiltrate it to Telegram channels. This discovery comes amid a rise in popularity of information-stealing malware, which are increasingly used as the primary vector for ransomware and high-impact data breaches.

via The Hacker News|

#cybersecurity #github #information-stealer

cybersecurity2 years ago•1 min saved

JaskaGO Malware: A Cross-Platform Threat to Windows and macOS Systems

A new cross-platform information stealer malware called JaskaGO has been discovered, targeting both Windows and macOS systems. Equipped with an extensive array of commands from its command-and-control server, JaskaGO disguises itself as legitimate software installers and runs checks to avoid detection. It can harvest information, modify the clipboard for cryptocurrency theft, and establish persistence within macOS systems. The distribution method and scale of the campaign are currently unknown. JaskaGO highlights the growing trend of malware development using the Go programming language.

via The Hacker News|

#cross-platform-threat #cybersecurity #go-programming-language

cybersecurity2 years ago•3 min saved

The Evolution of Rhadamanthys Malware: A Powerful Information Stealer

The Rhadamanthys information stealer malware has been evolving with new features and a plugin system that allows for customization, making it a versatile threat. It is distributed through malicious websites and can harvest sensitive information from compromised hosts, including web browsers, crypto wallets, email clients, VPNs, and instant messaging apps. The malware's development shows similarities to the Hidden Bee coin miner, indicating a fast-paced and ongoing evolution. The current version, 0.5.2, includes a new plugin system that enables customers to deploy additional tools tailored to their targets. Additionally, the malware uses a Lua script runner to extract information from various sources and has added clipper functionality to divert cryptocurrency payments. The findings coincide with the discovery of new AsyncRAT infection chains that use a legitimate Microsoft process to deploy a remote access trojan (RAT) via phishing attacks.

via The Hacker News|

#cybersecurity #information-stealer #malware

cybersecurity2 years ago•3 min saved

Rising Threat: ASMCrypt Malware Loader Exploits Cybercrime Underground

BunnyLoader, a new malware-as-a-service (MaaS) threat, has been discovered in the cybercrime underground. It offers various functionalities such as downloading and executing payloads, stealing browser credentials, and running remote commands. BunnyLoader incorporates anti-sandbox and antivirus evasion techniques and has a fileless loading feature. The malware sets up persistence via a Windows Registry change and performs sandbox and virtual machine checks before activating its malicious behavior. It includes tasks for downloading and executing next-stage malware, running keyloggers and stealers, and redirecting cryptocurrency payments. BunnyLoader is continuously evolving and adding new features to carry out successful campaigns. This discovery follows the emergence of other information stealer malware strains, such as Agniane Stealer and The-Murk-Stealer.

via The Hacker News|

#bunnyloader #cybercrime #cybersecurity

cybersecurity2 years ago•2 min saved

Beware of Fake Bitwarden Sites Spreading ZenRAT Malware

Fake Bitwarden websites are distributing installers that contain a new password-stealing malware called ZenRAT. The malware targets Windows users and collects browser data, credentials, and information about the infected host. The fake websites imitate the legitimate Bitwarden site and use typosquatting to deceive victims. Researchers at Proofpoint discovered ZenRAT and found that it is designed to be modular, with the potential for expanded capabilities. The malware is delivered through phishing campaigns and redirects users to a cloned page of an article about Bitwarden if they are not using Windows. The Bitwarden password manager has gained popularity, making it an attractive target for cybercriminals.

via BleepingComputer|

#bitwarden #cybersecurity #information-stealer

cybersecurity2 years ago•1 min saved

Beware of Malware-Infected Super Mario Games

A fan-made Super Mario game, Super Mario 3: Mario Forever, has been found to contain malware that can steal users' data and secretly install crypto mining software. The game's installer also installs XMR Miner, which runs a Monero cryptocurrency miner in the background, and Umbral Stealer, which can steal passwords, private information, webcam images, and crypto wallet information. The game has been downloaded nearly 17 million times from the Softendo website alone, and has been the subject of past investigations revealing malware and trojan horses.

via Decrypt|

#crypto-malware #cybercrime #cybersecurity

cybersecurity2 years ago•3 min saved

Windows malware spread through Super Mario game

A trojanized installer for the popular Super Mario 3: Mario Forever game for Windows is infecting users with multiple malware infections, including an XMR miner and an information stealer called Umbral Stealer. The malware is likely promoted on gaming forums or social media groups and is distributed through unknown channels. Users should scan their computers for malware, reset passwords at sensitive sites, and download software only from official sources.

via BleepingComputer|

#cybersecurity #information-stealer #malware

endpoint-security-cryptocurrency2 years ago•2 min saved

"New Atomic macOS Malware Targets Keychain Passwords, Crypto Wallets, and Credit Card Info"

A new information stealer for macOS called Atomic macOS Stealer (AMOS) is being advertised on Telegram for $1,000 per month. The malware can steal Keychain passwords, system information, files, and even the macOS password. It can also extract data from web browsers and cryptocurrency wallets like Atomic, Binance, Coinomi, Electrum, and Exodus. The malware is distributed under the guise of legitimate software and is delivered through phishing websites or by exploiting vulnerabilities. Users are advised to only download and install software from trusted sources, enable two-factor authentication, review app permissions, and refrain from opening suspicious links received via emails or SMS messages.

via The Hacker News|

#atomic-macos-stealer #cryptocurrency-wallets #endpoint-security-cryptocurrency

cybersecurity2 years ago•3 min saved

Millions at Risk: 3CX Desktop App Compromised in Supply Chain Attack

Cybersecurity vendors have warned of an active supply chain attack that is using digitally signed and rigged installers of the popular voice and video conferencing software, 3CX Desktop App, to target downstream customers. The attack, dubbed SmoothOperator, is the first stage in a multi-stage attack chain that pulls ICO files appended with Base64 data from GitHub and ultimately leads to a third-stage infostealer DLL. The attack may have commenced around March 22, 2023. 3CX is working on a software update for its desktop app and is urging its customers to uninstall the app and install it again or use the PWA client as a workaround. The attack has been attributed with high confidence to a North Korean nation-state actor, Labyrinth Chollima.

via The Hacker News|

#3cx #cybersecurity #information-stealer